Tag Archives: personal information

Privacy Shield: Article 29 Working Party Calls Upon the European Commission and US Authorities to Restart Discussions

‎On November 28, 2017, the EU’s Article 29 Working Party issued its report on the First Annual Joint Review of the EU-US Privacy Shield, which was conducted on September 18-19, 2017.

In this 38 page report, the WP analyzed the Privacy Shield’s commercial and government aspects (as it did in its earlier opinion, issued in April 2016 when the Privacy Shield was still a draft;… More

Some Cyber Monday Shopping Tips

As you enjoy the holiday weekend, and even some Cyber Monday shopping, keep in mind these online shopping tips from the FTC:

  • Know the seller and the item. Put the company or product name in a search engine, along with “review,” “complaint,” or “scam.” Read the reviews. Be sure you can contact the seller if you have a dispute.
  • Avoid clicking links in emails.…
  • More

Mistake in Your Credit Report? The Latest Spokeo Decision Suggests You May Have A Case.

In the 9th Circuit’s August 15, 2017 decision in Robins v. Spokeo, the latest in the long-running legal debate about when a consumer cause of action exists for a data breach, the 9th Circuit has declared that inaccuracies in a published credit report may sometimes constitute a “concrete injury” sufficient to confer Article III standing. This is a significant win for consumer protection advocates,… More

How Can Yahoo E-Mail Scanning Impact the EU-U.S. Privacy Shield?

Reuters reported earlier this month that, according to three former employees, Yahoo Inc. had “complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo mail accounts at the behest of the NSA or FBI.” Yahoo responded that the article was misleading, but did not deny the scanning had occurred.

The New York Times reported further details about this scanning:  Yahoo had modified a system intended to scan emails for child pornography and spam in order to satisfy a secret court order requiring it to search for messages containing a computer “signature” tied to the communications of a state-sponsored terrorist organization.… More

EU General Data Protection Regulation Adopted

After years of intense discussions, the EU General Data Protection Regulation (GDPR) was finally adopted on 14 April 2016.

The GDRP sets out uniform new rules in the field of data protection across the EU, rules that will standardize the law in the 28 EU Member States and have an impact on both European and non-European companies.  For example:

  • data controllers (companies collecting and using personal information) will have a wide range of new obligations,…
  • More

FTC Announces COPPA Settlements Based on Persistent Identifiers

The COPPA Rule requires website and online service operators to give notice to parents and obtain verifiable parental consent before collecting children’s “personal information” online.  16 CFR §§ 312.4, 312.5.  The definition of “personal information” encompasses some obvious pieces of data – name and address, for example – and some less-obvious ones, such as screen names, geolocation data, and “persistent identifiers.”  A “persistent identifier” is a piece of information “that can be used to recognize a user over time and across different web sites or online services,” such as “a cookie,… More

HIPAA Privacy Regulations Amended to Allow Disclosures of Mental Health Information for Firearm Background Checks

On January 4, 2016, the Department of Health and Human Services (HHS) modified the HIPAA Privacy Rule to expressly permit certain covered entities to disclose to the National Instant Criminal Background Check System (NICS) the identities of those individuals who, for mental health reasons, already are prohibited by Federal law from having a firearm.  According to HHS, “This modification better enables the reporting of the identities of prohibited individuals to the background check system and is an important step toward improving the public’s safety while continuing to strongly protect individuals’… More

European Union Agrees On a New Data Protection Framework To Replace the 95/46/CE Directive: Meet the “General Data Protection Regulation”

On 15 December 2015, the three main European institutions, the Commission, the Parliament and the Council, agreed on the final text of the General Data Protection Regulation (GDPR) which has been on the table since January 2012. This is a major achievement, given the number of obstacles that still needed to be overcome a few weeks ago in order to meet the end of 2015 deadline for finalizing the GDPR. … More

The Revised COPPA Rule and “Personal Information” – One Example that Balances Anonymity and Interactivity

The revised Children’s Online Privacy Protection Act (“COPPA”) Rules, as discussed here previously were meant to bring regulations in line with, in the FTC’s words, the “rapid-fire pace of technological changes to the online environment” that  have taken place since COPPA was passed in 2000.  This week’s Boston Globe article about the new public television production, WGBH’s “Plum Landing,” provides an interesting illustration of the impact of the revised COPPA Rule.… More